Accu-Chek Combo Pump: Accessing and documenting Bluetooth communication

[Tim Omer]

Hello everyone,

I wanted to start a dedicated thread on hacking the Accu-Chek Combo Pump. One location to help share current knowledge and disscuss possible next steps.
Final aim: control the pump over Bluetooth from mobile app.

Mikael Rinnetmäki, Oliver Schumacher - I read on an older thread you discussing this pump, do you have any information you can share or any tests you are currently performing / about to perform?
Mikael - you say you are aware of someone who has been able to reverse engineer and use the bluetooth interface, if you are willing to share their contact details I will be happy to get in contact with them to get more information. If so please DM me.

Stephen Black - we have spoken briefly about xDrip and that you are working on android Bluetooth libraries for the medtronic pumps and that you have been teaching yourself along the way! I have a few questions...
- How did you discover if the device is Ble or normal Bluetooth?
- What HW and SW have you setup \ recommend for hacking the Bluetooth comms?
- Any tips to help get me started?

What I know so far:
- Putting the meter into pairing mode by holding down the backlight and power button - you can see meter from an Android phone, but PIN in unknown
- you cannot discover the pump when it is in pairing mode
- To pair the pump and meter...
1. Put the meter into pairing mode
2. Go to bluetooth menu on pump and Add Device
3. Pump will search for meter, it will connect and then prompt to enter code on meter (note this code changes each time)
4. Meter allows code to be entered to complete pairing

It appears that the pump and meter know how to identify each other and the code allows the user to confirm the match.


Sorry to be directing questions at people, I hope you don't mind. I will also be hunting the internet for anyone else who can assist and directing them to this thread.

Thanks,
tim

[Oliver Schumacher]

Hi Tim,

i am sorry. I don't haver any results yet. I am still trying to get decocare up and runnning.

just for testing medtonic pump. For any reasons i didn't get the CareLink usb up an running.

But yes i also think it is a good idea. To mess i little bit with the Accu Check. Maybe i switch the next days to this.

In this moment i am blocked on Carelink.

If you start something please share.

CU Oliver.

[Benjamin West]

For getting deocare running,

What happens when you do: lsusb?

If there is a Medtronic device listed in the output, you can use:

python -m decocare.scan to have it "guess" at the usb/serial port automatically.

If this produces "IndexError: pop from empty list", what is happening is the system is recognizing the USB, but does not know how to provide you with a logical device for it in the operating system.

To solve this problem, you can use "./insert.sh" at the base of the repo after the stick is plugged in, which should create a serial device that decocare can then use.  Using ./insert.sh on an as-needed basis should work fine, but there is a way to automatically tell Linux to perform these actions automatically when you plug in the stick.

* https://github.com/bewest/decoding-carelink/blob/master/80-medtronic-carelink.rules

Putting this file in "/etc/udev/rules.d/80-carelink.rules" will allow the system to create your serial device automatically.  At this point, it might be only accessible by "root" user.  On my system I have an additional rule, GROUP="plugdev", added to line 19 which is a group my personal user belongs to, so I never need to use root.

HTH,

-bewest

--
You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/1154774d-c985-4b58-a833-24adc8441bd9%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Oliver Schumacher]

Hi,

when i type dmesg i got this output.

 

[80038.064121] pmic_ccsm pmic_ccsm: USB ID Detected. Notifying OTG driver

[80038.930412] dwc3-host dwc3-host.2: xHCI Host Controller

[80038.931142] dwc3-host dwc3-host.2: new USB bus registered, assigned bus numbe                                                                                                                                                             r 1

[80038.931399] dwc3-host dwc3-host.2: irq 34, io mem 0xf9100000

[80038.931543] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002

[80038.931568] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=                                                                                                                                                             1

[80038.931588] usb usb1: Product: xHCI Host Controller

[80038.931607] usb usb1: Manufacturer: Linux 3.10.17-poky-edison+ dwc-xhci

[80038.931626] usb usb1: SerialNumber: dwc3-host.2

[80038.932397] xHCI xhci_add_endpoint called for root hub

[80038.932418] xHCI xhci_check_bandwidth called for root hub

[80038.932679] hub 1-0:1.0: USB hub found

[80038.932725] hub 1-0:1.0: 1 port detected

[80038.933318] dwc3-host dwc3-host.2: xHCI Host Controller

[80038.933706] dwc3-host dwc3-host.2: new USB bus registered, assigned bus numbe                                                                                                                                                             r 2

[80038.933876] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003

[80038.933901] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=                                                                                                                                                             1

[80038.933921] usb usb2: Product: xHCI Host Controller

[80038.933940] usb usb2: Manufacturer: Linux 3.10.17-poky-edison+ dwc-xhci

[80038.933958] usb usb2: SerialNumber: dwc3-host.2

[80038.934609] xHCI xhci_add_endpoint called for root hub

[80038.934629] xHCI xhci_check_bandwidth called for root hub

[80038.934900] hub 2-0:1.0: USB hub found

[80038.934945] hub 2-0:1.0: 1 port detected

[80038.998460] pmic_ccsm pmic_ccsm: USB VBUS Detected. Notifying OTG driver

[80039.710050] usb 1-1: new full-speed USB device number 2 using dwc3-host

[80039.731488] usb 1-1: device descriptor read/8, error -75

[80039.863115] usb 1-1: device descriptor read/8, error -75

[80040.089866] usb 1-1: new full-speed USB device number 3 using dwc3-host

[80040.112851] usb 1-1: device descriptor read/8, error -75

[80040.242862] usb 1-1: device descriptor read/8, error -75

[80040.469648] usb 1-1: new full-speed USB device number 4 using dwc3-host

[80040.492715] usb 1-1: device descriptor read/8, error -75

[80040.622436] usb 1-1: device descriptor read/8, error -75

and lsusb says :  

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

i already have done the insert.sh

the script scan.py gave me that error you have discripted.

I use an Intel Edison Board with an aktuell Yocto Kernel. I don't have the folder /etc/udev/rules.d/.....

Any proposal for me. What to try next ?

Thanks is advance.

Oliver 

[Oliver Schumacher]

Hi,

in the Moment a have type this post i see a big differenz.

Your insert.sh script set's up a serial device with vendor 0x02a1 and product 0x8001.

My CareLinkUSB is Vendor=1d6b, Product=0003. 

I thought the CareLinkUSB is the right device. But it looks different.

Should i customize my insert.sh script  to that values ?

CU Oliver

[Benjamin West]

What does uname -a say?

You must be using usb 3.0 ports.

* https://gist.github.com/bewest/6488955

A year ago, I worked with the linux-usb list to look at this problem:

http://marc.info/?t=139464544900001&r=1&w=2

With usb 3.0 ports, Linux is using the usb 3.0 "xhci" standard, which does not provide appropriate behavior for legacy devices.  By the time I was testing, it looks like anything greater than linux 3.11 or 3.13 might work on a sometimes basis.

As in: sometimes it will work and sometimes it won't.  I'm currently using Linux 3.16.0-30-generic, and it works sometimes.  Usually by the fifth try, a serial device is created.

As of Linux 3.18, the problem should be mostly gone, I built a special version including the patches, and it works about 80% of the time, (and doesn't need ./insert.sh either.. it's all automatic now).

HTH,

-bewest

--

You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/a9043288-79dd-42a5-9ffd-349869ea2b3f%40googlegroups.com.

[Benjamin West]

Yes, excellent point.

You can try:

sudo modprobe usbserial vendor=0x1d6b product=0x0003

-bewest

--
You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/b9adc5b1-8aba-4bac-9561-89b72d7fa025%40googlegroups.com.

[Gustavo Munoz]

What I did was to set-up a cron job to run ./insert.sh on bootup.

[Tim Omer]

Thanks Oliver, if you have any suggestions on where to start please do let me know. Im still researching how to hack the BT.

All - without sounding like a complete arse would you mind keeping this thread on topic with the Accu-Chek pump hacking. I wish to keep a central hub of progress that anyone can quickly read and contribute too. If you have a suggestion on a better way to do this please let me know!

[Oliver Schumacher]

root@NS2GO:~/bin/Python/decoding-carelink# uname -a 

Linux NS2GO 3.10.17-poky-edison+ #1 SMP PREEMPT Fri Jan 30 14:16:35 CET 2015 i686 GNU/Linux

 

The Board has only a USB 2.0 USB-OTG Port.

So it looks poor for the Edison to run the CareLink USB.

Is an a Rasperry PI a USB3.0 and a newer kernel ?

Oliver

[Oliver Schumacher]

Hi Tim,

sorry still like you. You are right. 

Yepp as far as i know the Bluetooth story is similar to the USB one.

I have talked with some guys. Cause of Bluetooth is encrypted. You can not hack into it.

The only thing with simple methods is to emulate an pump. By starting an a device a Bluetooth profile like a pump.

When you have an rooted android phone maybe it is possible to emultate an Bluetooth profile from an Accu Check pump.

Or another Device like an resperry or edison which i use actually.

Then it will be posible to capture some commands from the AccuCheck remote.

The we can turn the play emulate an remote to command a pump. That would be the Idea.

I saw on Bluetooth.org some definitions. But i don't know if these definitions are used from AccuCheck.

https://developer.bluetooth.org/gatt/services/Pages/ServiceViewer.aspx?u=org.bluetooth.service.glucose.xml

CU Oliver

[Tim Omer]

Hey Interesting,

I was thinking about making the phone appear as a pump and meter - but it never crossed my mind to emulate the pump to capture the commands from the meter.

I guess the start would be to sniff the pump Bluetooth profile when it is in pairing mode - ill look into that process.

Do let me know if you have any other ideas, I now have somewhere to start!
(good luck with your current issue, sorry all again on being thread protective ;) )

[Oliver Schumacher]

Not big deal. Actually i have had serveral long nights on this stuff.

But all full of hope one day our hole familly could have a good one.

As far as i understood an APS is highly capable to promise that.

:-)

Oliver

[Benjamin West]

For bluetooth, you may find a tool like this helpful:

https://penturalabs.wordpress.com/2013/09/01/ubertooth-open-source-bluetooth-sniffing/

Last summer a salesperson let me spend about 30 minutes with the system.  From what I can tell it also uses an IR port, and several bluetooth modes, meter commands, pump emulation, etc.  When I asked if I could have the data protocols, they told me they could not release the information without endangering all patient safety.  As a result, I assume the encryption is relatively weak, and probably depends on some private key they likely share with researchers under NDA?

If you can pair with the device, from any angle, either as pump, as meter, that would be a huge step forward!

-bewest

--

You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/11eb0404-2c27-4b08-861b-15755b1532ad%40googlegroups.com.

[Tim Omer]

Thanks bewest, I have been reading about the ubertooth - will see what I can do without and will invest in one if need be.

You are correct there is a ir port, from a consumer perspective you can only download data and upload pump profiles. That would be useful but you have to stop the pump and put it in communication mode to use ir.

[Tim Omer]

fyi that ubertooth article if fantastic for anyone looking into bluetooth sniffing, thanks!

[Tim Omer]

Just ordered a Ubertooth One - watch this space

On Sunday, 22 March 2015 22:58:47 UTC, Tim Omer wrote:

[Stephen Black]

I have an ubertooth, wonderful tool, standard bluetooth is a bit tricky though!

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/5bddc124-c105-4326-aa71-ab4c6d81d3d2%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Stephen Black Software Engineer

ShopKeep | 800.820.9814

shopkeep.com | facebook twitter linkedin

[Matthias Granberry]

I have an ubertooth that could be loaned out for a few weeks if necessary or I could attempt a data capture from a loaner pump.  Bluetooth security is kind of a hit or miss deal, but medical devices generally do a poor job of it because good security is hard and the number of potential attackers is small.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/0815915a-9286-4445-a169-8c59280bdb50%40googlegroups.com.

[Tim Omer]

Mine should be with me in the next few days, going to get a Linux environment setup for testing.

Matthias, Stephen - any suggestions on programs to use or technique? I do not have a tech HW hacking experience so starting from zero.

[Tim Omer]

Hello everyone,

Update on my progress and looking for some advice from Ubertooth users:

I have successfully set-up Ubertooth, Kismet and Wireshark and able to sniff communication between my pump and meter (virtual hi five)

Observations so far:
- I have sniffed comms when pump and meter are pairing::

• Power Meter on in pair mode (press back light and power buttons)
  • Meter displays its UID and asks that the pump is in pairing mode
  • Meter does not broadcast any data
• Pump put into pair mode
  • starts broadcasting
  • Mac: 00:00:00:9E:8B:33 (only used when pairing)
• Pump Discovers meter
  • Pump changes its to Mac: 00:00:00:00:BD:7B
  • Pump shows meters UID, asks you to accept
  • Accept found meter
• Meter starts broadcasting
  • MAC: 00:00:00:E3:A2:FA
• Pump prompts with 10 digit Pin to enter into meter
• Enter PIN into meter - units paired
• Devices Macs under normal operations:
  • Meter: 00:00:00:E3:A2:FA
  • Pump: 00:00:00:00:BD:7B

It appears that the Mac 00:00:00:9E:8B:33 is only used when pump is broadcasting to find a meter, I would guess that the meter is waiting for this address only hence why it rejects requests from other devices.

Attached are the Kismet logs for this processes.

Next steps (I guess)...
- Produce an app that reproduces the pairing processes
-- advertises its Mac as 00:00:00:9E:8B:33
-- produces a 10 digit pin
- once paired the app can log requests coming in from the meter

If anyone could provide any direction where to go from here would be very helpful. Is there a shell an android app I can use to produce this app? Am im barking up the right tree with my next steps?

Thanks all,
tim

[Tim Omer]

Spent the last few days reading up on Android Studio, while I would love to learn how to develop Android apps this is going to take me far too long.

I have created a job on freelancer to build an Android app that will emulate the pump, connect and log data sent from the meter.
https://www.freelancer.co.uk/jobs/Mobile-Phone/Simple-Android-app-emulate-bluetooth/?updated=true

[Tim Omer]

Quick update:

After a decent night sleep and more research I have been able to build a very basic Bluetooth Android App, but, I need more info on what is happening with the paring process between pump and meter.

Have have documented in detail the process here, with logs and video: https://docs.google.com/spreadsheets/d/1p3_3Y4DmQOwzuUkP04QcVYPbzykp-NB6NcHm0MJm0bE/edit?usp=sharing

Really not sure what to do with this Bluetooth data I am collecting, so have dropped a note on the Ubertooth Mailing List to see if I can get some expert feedback.

If anyone here is at all knowledgeable of the Bluetooth protocol please feel free to take a look at my spreadsheet.

[Oliver Schumacher]

Hi Tim,

nice work.
I took a look how the Edison work and found an document from Intel which explains the Bluez Stack.
Bluez is a Linux standart stack fur Bluetooth. Take a look in it it explains i little bit about connecting and BT Profiles.

http://download.intel.com/support/edison/sb/edisonbluetooth_331704002.pdf

Maybe that will help for basic understanding BT connections.

CU Oliver

[Oliver Schumacher]

Hi Tim,

try this from google playstore  "Bluetooth spp pro" .
It shows you a bit about profiles on Devices.

CU Oliver

[Stephen Black]

Hey hey, sorry I havnt been super active on these boards, if you get a chance post up some of your pcap captures, the accucheck is normal bluetooth so its definitely harder to deal with (currently ble uses silly channel hopping and timings that can super easily be figured out) Also, do you know what kind of bluetooth chip is in there (what branch). Often reading the documentation/sdk gives you a huge amount of information about what they could possibly be doing (figuring out how the share was communicating was as easy as reading the documentation about nordics 'pipes' implementation then reading some forums to see how people were commonly using it)

[Stephen Black]

edit: do you know what brand (not branch)

[Craig sharpe]

I would like to see the pcap trace too.. I have a spare accu chek pump and meter if it helps I can try and take them apart and workout which chipset they're using..

I have a similar aim, would like to be able to create my own iPhone app to control the pump.

Unfortunately I don't have access to any Bluetooth sniffing devices at the moment though but was planning the same thing myself

[Oliver Schumacher]

One Question.
As far as i know bt ir bte is crypted.
So how do you encrypt these telegrams?
Or are these cap files plsin text?

Cu
Oliver

[Tim Omer]

Hey all,

Oliver - thanks for that checking out both items now
Craig - I plan to make and publish libraries for controlling the pump. The android app itself may not be helpful but the code will be there for you to use. If you are happy to hack your pump open would be great help. Unfortunately I only have my pump but hunting for a spare to work on.

Stephen, Craig - on the ubertooth email list it has been suggested that I run ubertooth-follow to capture some useful data, I will do this over Easter. I have captured the paring process already with Kismet, see the following spreadsheet that details what I believe I am seeing and has the log files captured - I believe this has the pcap logs?

https://docs.google.com/spreadsheets/d/1p3_3Y4DmQOwzuUkP04QcVYPbzykp-NB6NcHm0MJm0bE/edit?usp=sharing

[Benjamin West]

I did see some pcap logs in there.

Here's my quick analysis:

https://gist.github.com/bewest/041fc3bac3be7cfbc1e0

bewest@hither:~/Downloads/accu-check/take2$ tshark  -x -r ../pumpmeterpairing-20150401-11-06-02-1.pcapbtbb  | sort -n | uniq -c
    284 
     70 0000  00 00 00 00 00 00 00 00 00 00 bd 7b ff f0         ...........{..
    194 0000  00 00 00 00 00 00 00 00 00 9e 8b 33 ff f0         ...........3..
     20 0000  00 00 00 00 00 00 00 00 00 e3 a2 fa ff f0         ..............
bewest@hither:~/Downloads/accu-check/take2$ ^C
bewest@hither:~/Downloads/accu-check/take2$ ^C
bewest@hither:~/Downloads/accu-check/take2$ tshark  -x -r Pump-Meter-Pair-Process/METERPUMPPAIR-20150326-15-23-25-1.pcapbtbb  | sort -n | uniq -c
    239 
     20 0000  00 00 00 00 00 00 00 00 00 00 bd 7b ff f0         ...........{..
    198 0000  00 00 00 00 00 00 00 00 00 9e 8b 33 ff f0         ...........3..
     21 0000  00 00 00 00 00 00 00 00 00 e3 a2 fa ff f0         ..............
bewest@hither:~/Downloads/accu-check/take2$ 

--

You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/718ce0db-c5a8-49ad-b197-b7609b4041a7%40googlegroups.com.

[Tim Omer]

Hey bewest, thanks for taking a look - is this data at all helpful? Unfortunately this is all beyond my ability.

Over the long weekend I have been able to run ubertooth-follow on the Meter while in pairing mode and captured the following logs.

Also, followed this article and gotten the following info from "sdptool records" on the Meter again in pairing mode:
- Service Name: SerialLink
- Service RecHandle: 0x10000
- Service Class ID List:
  - "Serial Port" (0x1101)
- Protocol Descriptor List:
  - "L2CAP" (0x0100)
  - "RFCOMM" (0x0003)
    - Channel: 1
- Language Base Attr List:
  - code_ISO639: 0x656e
  - encoding:    0x6a
  - base_offset: 0x100

All of this data I am logging on the following site: http://www.hypodiabetic.co.uk/hackabetes

Other than capturing logs I am not sure what else I can do from here, I am looking to see if I can partner with someone who can help me decode this data and work on getting an Android app to connect to the phone.

Please let me know if anyone on this group can assist, in anyway. Happy to create more logs to analyse.

[Oliver Schumacher]

Hi Tim,

if Accu Check uses serial protokoll over Bluetooth will make it easy.
Cause of in all the System we use like Linux/rasp or Android should an BT Serial Stack be availaible.
I cannot open yout capture Files with which software is it made ?

CU Oliver

[Timothy Omer]

Hey,

ubertooth-follow-METER-PAIRING was created with ubertooth-follow, im trying to find out what the log format is. Not much documentation out there will ask on the mail list.

Serial Stack - sounds promising, I have been told to read up on this: http://unix.stackexchange.com/questions/92255/how-do-i-connect-and-send-data-to-a-bluetooth-serial-port-on-linux

--
You received this message because you are subscribed to a topic in the Google Groups "OpenAPS Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openaps-dev/hXDMbpMD3XI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openaps-dev+unsubscribe@googlegroups.com.

To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/6a85151d-e571-4fa8-8f91-51d41612446e%40googlegroups.com.

[lorel...@gmail.com]

Hi,

If meter advertises bellow it means meter is slave device and pump is master here.

It would be good to disassemble meter (it seems it is not for sale anywhere) and search for a bus like SPI or serial using scope and see which chip is responsible for encryption. Typically this is huge step forward to see not-encrypted data and derive key from it.    

btw. have you got https://www.accu-chekinsulinpumps.com/ipus/products/informationmanagement/insulinpumpconfigsoftware.html ? 

It says it can program basal rates in pump. It seems it talks to meter via IR and then meter talks to pump. 

IR would be easy but the question is whenever pump is still online when basal is being programmed (requirement for AP) 

btw2. there is new AccuChek Insight https://www.accu-chek.co.uk/gb/products/insulinpumps/insight.html

https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Exhibits&RequestTimeout=500&calledFromFrame=N&application_id=562093&fcc_id=VWI1239

btw3: there is new meter  AccuChek Connect with Android app https://play.google.com/store/apps/details?id=com.roche.acconnect&hl=en

I couldn't get (regional limit) it but it would show Roche developer's tricks. 

Good luck, hope  AccuChek Insight is available here soon as it looks pretty good. 

L.

[Tim Omer]

Hey Lorel, thanks for your feedback

What tells you the device is the Slave?

Pump Management software:
Yes I have this, there is a version for Pump and Meter. This allows you to read and write some values to the pump, you can have mutiple Basal profiles (5) and set some default values. You cannot control the pump at all and the pump must be stopped and in data transfer mode to use IR.

AccuChek Insight:
Yep, looks cool, I have a friend just move on to it, looking forward to checking it out

AccuChek Connect with Android
This is a digital diary, it can sync with AccuChek Connect meters only, not any of the pump products :(

disassemble meter
Completely agree, I am trying to find a an old unit I can nab, there is one on ebay now for £200 - what is not too bad but a little beyond my current budget. Craig on this list has a spare pump he is considering opening up.
I have been trying to find any FCC documents on the Accu-Chek Combo system, but with no luck.

[lorel...@gmail.com]

I think only slaves advertises services, masters don't. If meter in pairing mode advertises services then pump in pairing mode must be searching for it.

[Timothy Omer]

Sounds logical, thank you :)

You received this message because you are subscribed to a topic in the Google Groups "OpenAPS Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openaps-dev/hXDMbpMD3XI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openaps-dev...@googlegroups.com.

To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/a95d458e-d683-4c85-a988-6438238c119a%40googlegroups.com.

[Tim Omer]

Hey all, quick update from me:

• Have put BT hacking to one side as it far beyond my abilities
  
• xDrip setup fully working with smart watch - just great
• 90% there with hacking the G4 Transmitter to replace batteries (lowering the cost for the self funded)
• Will be learning Android App development next week (I hope!) to start work on code

I had a very interesting lunch with the chap who is managing the Bio-inspired Artificial Pancreas project at Imperial College London, the reaction was interesting, half concern half excited. His main concern is that if anything negative happens by hacking a medical device, the medical device manufacture will take the blame, this will result in the industry focusing time in locking down their products and not innovation - interesting comment. http://www3.imperial.ac.uk/bioinspiredtechnology/research/bionicpancreas

They are using the same Roche pump as me, Roche have provided full documentation on the BT so they can control the pump themselves, clearly they are not able to share these documents - boo. 

He has a simulation system and will be looking at running the pseudocode through it, also he is interested in the logic of the xDrip algorithm - Stephen I have looked around do you have this documented in more detail anywhere? 

Progress - if painfully slow! 

To unsubscribe from this group and all its topics, send an email to openaps-dev+unsubscribe@googlegroups.com.

[Oliver Schumacher]

Hi Tim,

yes BT is pain to capture i did not have luck ether. But i will go on and try.
Maybe there is another way with Accu Check.
When Roche gave Interface Documents away to the Bionic Pancreas people.
The question would be how big has a organisation to be, to be a partner of roche?
And get the Information we wanted.


Question: do you have pictures of the opened G4 Transmitters ?

Xdrip is running fantastic in our rig as well. We skipped using the original Dex.
Cause of is was pain having the USB always connected. We have had about 15 otg cables broken.
Some didn't last longer than a day. But with xDrip is running well.
In Europe is the new Dexcom with BT not available.


Cu Oliver

To unsubscribe from this group and all its topics, send an email to openaps-dev...@googlegroups.com.

To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

[Timothy Omer]

Hey Oliver,

They said to get the BT interface docs from Roche you need to be an academic institute and have a research project. Also they had to sign mutiple documents to say they will not disclose this info and how it was going to be used.

To be honest, even if they did give us the documents we would end up producing code that we cannot share.

Pics of open G4 Transmitter - sure, ill grab some more detailed ones and will send them to you. I have almost got a final stable version of the hacked transmitter and will publish my work soon.

xDrip - I have to admit I am finding the system very unstable. I get erratic readings, for example reading that has double arrows up and the next double arrows down. Also almost all readings are out by 2 mmol. I am not sure if this is a xDrip issues as I do not have a Dexcom receiver to compare with - have you had this issue?

I calibrate the SW at least 6 times a day.

Dexcom with BT in EU - not sure to be honest.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/1d7ef1d2-ecf7-4e0f-9dc5-cc05dc9beec4%40googlegroups.com.

[Oliver Schumacher]

Hi Tim,

i have had both System running. And compared.
It looks like that the xDrip is not filtering noise from the sensor/transmitter.
If we use this for close loop. We have to filter the data ourself.
The calculation from the dexdrip is good and differs not much between dexcom and xdrip.
Very important is the callibration. The best callibration is two time's a day bevore breakfast and bevore evening lunch.
You can add mor calibrations but be aware don't callibrate to often or when you have a high cob or iob level. Than it can be very bad.
Don't use paracetamol it iritates the sonsor.
You should read the calibration how to from the Dexcom site.
The cool thing with xdrip is that you can wear the sensor longer than 7 days.
The dexcom turns off after 7 days. You have to restart the sensor. There is no period of rest.
That realy sucks cause of the timing. I nice feature would be a smal period of rest on the dexcom site.


CU Oliver

[Stephen Black]

Im sorry to hear you are finding it inaccurate.

Some things to note, when you initially started the sensor session in the app it is super important to make sure you are entering the date and time that the sensor was actually inserted, if you do not you will likely have quite inaccurate readings for a while. 

Also as far as calibrations go, be very careful not to over calibrate, 2x a day should be fine, more than 4 a day will be bad. Once when waking up (when bg levels are relatively stable) and once later on in the day. its also important that your calibrations cover a bit of a range, calibrating at around 95 in the am and then around 150 later on in the day will give you a MUCH more confident slope than if you calibrate around 100 both times.

Some other things to note, its generally bad to calibrate below 70 and above 250, 

again, always only calibrate when on level arrows, turn off predictions if you have them on in your settings, stay hydrated (dehydration will make the dexcom sensor read higher than actual and cause it to miss lows more frequently) and make sure your hands are washed and dried when calibrating.

[Timothy Omer]

Thanks both, this is very informative - I have taken note.

Stephen - what events triggers xDrip to request a calibration?

("Im sorry to hear you are finding it inaccurate." - you should not be sorry at all! ;) )

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/53522e36-3fc4-4896-87d4-0a357c2ccda1%40googlegroups.com.

[spiph23]

https://github.com/GeoffWyche/RTDemo

Hey Tim, this is the beginning of ported decocare to Android.  Since you are going to be learning, this should help out.

Toby

[Tim Omer]

Hey all,

Toby - ta for that
Oliver - photos as requested, I hope to do a blog post this week on the hacked transmitter I am using. Also, check these great pics

Oliver, Stephen - second G4 sensor is working well, thank you for the tips!

[Tim Omer]

Hey everyone,

Quick update on my project.

I have now built a Open Loop Artificial Pancreas Android app, the app completely replaces the Roche meter in that in captures my treatments and has a bolus wizard. The app is Open Loop so gives a suggestion based on a interval set by the user.

Right now I have this setup to give me notifications (if a temp basal is suggested) every 15 mins via Android Wear and manually set the pump - its a surprisingly usable system.

More details: http://www.hypodiabetic.co.uk/home/blog/diabetes-life/diy-open-loop-artificial-pancreas

Now I am looking at getting help hacking the BT interface of the Roche pump, if anyone can assist please do let me know.

[Ilham BEN ABBES]

Great, I have also an Accucheck Combo insulin pump and would try tout app but won't br of any help on hacking the pump. I'm notre good in techno.

[Brandon B.]

I went ahead to grab the app and so far I'm very please even not using my pump yet. I'll begin on 10.20.2015 have tandem tslim g4.

The ui has taken be a bit of getting used to but having read your blog that this is a first venture into android programming I'm VERY pleased with the end results and had I been in your shoes would be quite proud of myself. 

[Tim Omer]

Thanks Brandon, the UI ideas are from an afternoon of me looking at Marital Design dashboard layouts on the web, if you have any suggestions please do let me know, would be very welcomed

[Tim Omer]

Craig - did you ever open your pump and see what chipset is in use?

I now have a spare pump to work on, but reluctant to open it in case I damage it.

[Grégory Beloncle]

Hi,

I have same aim too! I am a software engineer with old experience with Bluetooth so I may help you on Bluetooth but not on app development!

I tried an air sniffing but did not manage to sniff the encrypted info, what after pairing happens. Don't know exactly why, maybe they change the mac address or use a higher level for pairing (as far as I remember there are 3 levels).

So other way to sniff is to sniff the uart interface between the bt chip and the controller (the host).

I open my meter and they simply use an old BC4 from company CSR, I assume they use same chip in pump.

Now the big deal is to find the 2 test points for the Uart.

I have no time at the moment but if one of you has a good idea or find it let me know! Then we could sniff the hci traffic and read the spp Protocol in clear, hci is not encrypted. We could even get the link key which would help for air sniffing but I assume the link key is modified at each connection, what would explain why air sniffing is not working.

But even with clear spp protocol reading then a big work is necessary on reverse engineering a protocol!

Cheers
Gregory from Germany

--

You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/c481675e-8f62-4913-942e-38d8e14ceceb%40googlegroups.com.

[Tim Omer]

Hey,

Any BT hacking is completely over my head! I have made contact with someone in London who should be able to assist me with this.

Do you have details of the chipset used or anything else you have seen?

Also, check this out: https://apps.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Exhibits&RequestTimeout=500&calledFromFrame=Y&application_id=LLyEXj8zwVovjLfH%2BagTrQ%3D%3D&fcc_id=RAH3
And this, you are correct the mac does change: https://sites.google.com/a/n-omer.co.uk/hackabetes/home/pump-control

[Grégory Beloncle]

Hi Tim

Up to now what I saw is nothing special, they use a so called hci chip and protocol use the so called SPP for serial port protocol as interface. Bluetooth is 2.0

As air sniffing is difficult, I suggest using uart sniffing. So now we need to find where uart is, this can be done by anyone with some electronics know hiw. I would suggest finding datasheet from both bc4 and micro controller and try to find where the tests points could be depending on chips pinning (I suggest looking on meter side, it is quiet easy to open).

Then let me know and we can sniff hci traffic.

Thanks for fcc link but there is nothing special in it, standard fcc tests.

Cheers
Gregory

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/7a6f0c2d-51a5-40d8-916f-7db5c23e7164%40googlegroups.com.

[Tim Omer]

Thanks Gregory, will keep any updates on this thread.

-tim

[Ilham BEN ABBES]

Hi,

I don't know anything about hacking but I found that, I do not know if it could be helpful for you but in case :

http://null-byte.wonderhowto.com/how-to/hacks-mr-robot-hack-bluetooth-0163586/

http://null-byte.wonderhowto.com/how-to/hack-bluetooth-part-1-terms-technologies-security-0163977/

Ilham

[Timothy Omer]

Hi, thanks for that.

Luckily I have been able to partner with someone in London much more knowledgeable than I am in BT hacking, they are away right now but hope to look into it some more soon.

[Craig Sharpe]

Got one in bits but not sure it's going to be easy to get a signal wire whilst it's powered up

--

You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CAJWvVK5R7bSB%3D%2BM0ea0_dpBq_y5B13ZFOZ%2BsP2fqgRHGuhbWhA%40mail.gmail.com.

[Timothy Omer]

Nice Craig, will give you a yell if we need to open one up, right now we hope we can perform a mitm attack

You received this message because you are subscribed to a topic in the Google Groups "OpenAPS Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openaps-dev/hXDMbpMD3XI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openaps-dev...@googlegroups.com.

To post to this group, send email to opena...@googlegroups.com.
Visit this group at http://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CABx87%3DhXNLsu%2BFRoEk6DVW0Vwzc71BLAuzy9m7k2uRscH6WKSg%40mail.gmail.com.

[Craig Sharpe]

There's a copy to the Bluetooth module datasheet here, which may be helpful when selecting the right tools to perform your man in the middle attacks

http://pdf.datasheetarchive.com/indexerfiles/Datasheets-SL4/DSASL0073625.pdf

Hope this helps, give me a shout if there's anything I can do to help

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CAJWvVK6L4ed9kNtE_9zg%3DUExBE61XQTvSbMKxSv7g2H7BUXs7g%40mail.gmail.com.

[Grégory Beloncle]

Hi

Strange that you found the datasheet, this should be confidential information!

Then you can see where uart tx and rx are on chip (j10 and j11) and then can better found it on pcb. These signals need to go on connector as well, to connect to microcontroller host.

When you find it then you need a level shifter and a hci sniffer on your pc.

Regards
Gregory

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CABx87%3DhtRQ78T2eX82TeoTEDQJdT-n%2BGg1mcrB2kTKoXCZWcgw%40mail.gmail.com.

[Tim Omer]

fantastic, anything else send it over!

[Tim Omer]

Hey Craig, can you get a photo from the side of how the two boards are connected?

[Craig Sharpe]

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/6a13fd09-c9f4-40b7-8f0b-12e85bf448b8%40googlegroups.com.

[Timothy Omer]

Great, thanks!

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CABx87%3DiqJSgVvUdCA4uSmFH6paOfdZZ84O77LPvT3cUNNX4JQw%40mail.gmail.com.

[johanne...@posteo.de]

Hi,

I just found this great project and as a user of the Spirit Combo I found this thread.

Is there any progress?

I would like to contribute, did someone open up the metre yet?

Cheers,
Johannes

On Saturday, 21 March 2015 00:49:13 UTC+1, Tim Omer wrote:

Hello everyone,

I wanted to start a dedicated thread on hacking the Accu-Chek Combo Pump. One location to help share current knowledge and disscuss possible next steps.
Final aim: control the pump over Bluetooth from mobile app.

Mikael Rinnetmäki, Oliver Schumacher - I read on an older thread you discussing this pump, do you have any information you can share or any tests you are currently performing / about to perform?
Mikael - you say you are aware of someone who has been able to reverse engineer and use the bluetooth interface, if you are willing to share their contact details I will be happy to get in contact with them to get more information. If so please DM me.

Stephen Black - we have spoken briefly about xDrip and that you are working on android Bluetooth libraries for the medtronic pumps and that you have been teaching yourself along the way! I have a few questions...
- How did you discover if the device is Ble or normal Bluetooth?
- What HW and SW have you setup \ recommend for hacking the Bluetooth comms?
- Any tips to help get me started?

What I know so far:
- Putting the meter into pairing mode by holding down the backlight and power button - you can see meter from an Android phone, but PIN in unknown
- you cannot discover the pump when it is in pairing mode
- To pair the pump and meter...
1. Put the meter into pairing mode
2. Go to bluetooth menu on pump and Add Device
3. Pump will search for meter, it will connect and then prompt to enter code on meter (note this code changes each time)
4. Meter allows code to be entered to complete pairing

It appears that the pump and meter know how to identify each other and the code allows the user to confirm the match.


Sorry to be directing questions at people, I hope you don't mind. I will also be hunting the internet for anyone else who can assist and directing them to this thread.

Thanks,
tim

[Craig Sharpe]

Hi, I managed to get it open and posted pictures further up in the message trail, also a link to the datasheet of the Bluetooth chip used.

Let me know if you cannot find them and I will send them

Cheers

--
You received this message because you are subscribed to the Google Groups "OpenAPS Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev...@googlegroups.com.
To post to this group, send email to opena...@googlegroups.com.

Visit this group at https://groups.google.com/group/openaps-dev.
To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/68c89b49-76f3-4331-a533-13181e5dab2e%40googlegroups.com.

[Timothy Omer]

Hey all,

I am the developer of HAPP and working on Android integration with the Combo. We have made some great progress but currently stuck with the BT pairing process between Phone and Pump. Code is not freely available yet, if you have any experience with Android and BT please do PM me and ill provide more details.

Ill be posting here and on gitter once something is usable! 

https://gitter.im/timomer/HAPP

You received this message because you are subscribed to a topic in the Google Groups "OpenAPS Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openaps-dev/hXDMbpMD3XI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openaps-dev...@googlegroups.com.

To post to this group, send email to opena...@googlegroups.com.
Visit this group at https://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CABx87%3DgMuc9QXxF4mg778o-%2BkB-6Zb27RS8SD7Lt3Cd-RP2iXw%40mail.gmail.com.

[Timothy Omer]

Hey Gregory, what did you use? Ubertooth?

There is a gitter group with poeple looking at this, but its gone a little cold right now - can you PM me on gitter? timomer

On Thu, 10 Nov 2016 at 18:16 Grégory Beloncle <gregory....@gmail.com> wrote:

Hi all

I hopefully managed to Bluetooth sniff over the air communication between pump and remote! It was not that easy but I found a way doing it.

Now, I would like to know who would be interested helping reverse engineer the used protocol?

And as somebody a good idea to exchange on this topic without disturbing everybody with details?

Experience with reverse engineering would be really helpful.

Thanks
Gregory

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CAJWvVK5z_VnvAB-buKr3nm6Y1C6Wbkf9Q4-%3DKgn93PZnjw%2BFSg%40mail.gmail.com.

[Craig Sharpe]

Can you post a link to the output and I will have a look.. though I'm no expert :-)

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CAJWvVK6Gyap7c2ogaa%3D74n6ir--2a8RD18cRS7aWHt-ngDfzLQ%40mail.gmail.com.

[Grégory Beloncle]

Hi all

I hopefully managed to Bluetooth sniff over the air communication between pump and remote! It was not that easy but I found a way doing it.

Now, I would like to know who would be interested helping reverse engineer the used protocol?

And as somebody a good idea to exchange on this topic without disturbing everybody with details?

Experience with reverse engineering would be really helpful.

Thanks
Gregory

Le 3 juin 2016 11:12:28 PM Timothy Omer <T...@twoit.co.uk> a écrit :

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CAJWvVK5z_VnvAB-buKr3nm6Y1C6Wbkf9Q4-%3DKgn93PZnjw%2BFSg%40mail.gmail.com.

[lorel...@gmail.com]

You might find this useful https://github.com/dunsmosf/APMMP-git/tree/master/IronMan/RocheDriver
And wish you all good luck :) 

[Craig Sharpe]

This looks very interesting, just wish I had an android device now lol I try this on

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/507e6b29-3585-45b2-b00b-efe098fe7415%40googlegroups.com.

[lorel...@gmail.com]

There is 10K GBP  piece missing :(

[Craig Sharpe]

Oh, that's unfortunate..

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/746ce6f6-cd22-4059-b3ca-7bdc7e172cf0%40googlegroups.com.

[Grégory Beloncle]

Looks interesting, thanks a lot sharing it!

How did you find it?

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/507e6b29-3585-45b2-b00b-efe098fe7415%40googlegroups.com.

[lorel...@gmail.com]

I was searching for "bolus" on github code search and this beauty popped up.

[lorel...@gmail.com]

Main CPU picture attached, couldn't identify it.

[Timothy Omer]

Thank you lorelaijane!

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/9ca10fb4-d58b-4f00-a612-9982ae1b2d33%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

IT Consultant, Diabetic Hacker | www.twoit.co.uk

[Robert Buessow]

Did anybody get the APMMP code to work? Do you think it can work at all?

[Timothy Omer]

Not as far as I'm aware Robert, I'll ask the group for a better answer

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/55bd0cfc-c79a-4d0d-8785-235d3b9f3a31%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Timothy Omer]

As promised, a better answer....

"I got it running. At least until it is connected with the pump. No remote screen yet
But it needs some modifications and lots of try and error to build and deploy
And of course it works only with old androids"

In a nutshell time is the limiting factor to review and rewrite code. If there is any android dev out there who is reasonably skilled and has the time please get in contact with me, we also maybe able to donate a combo if needed

[Azar Ali Zain]

I just went through the APMMP code and found that the actual driver/BT connect modules and other important stuff is actually here: https://github.com/dunsmosf/APMMP-git/tree/master/dias/RocheDriver/src/edu/virginia/dtc/RocheDriver

[Robert Buessow]

I got the RocheDriver running on my phone and got it trying to connect to the pump. However, the pump doesn't see the phone when it's in discovery. Were you able to bond the pump with the phone?

[Timothy Omer]

Hey Robert, sorry for the late reply - been a busy week.

The repo you found the team are working on a clone of this, I'm sure this repo has been shared on this thread already.

To date, we have been able to pair with a mobile, but it has been a long bumpy road to get there and we are not able to control the pump yet. A few of the discoveries are that you need Android Version 4.x due to a BT stack change, a pin and some SW adjustments. 

As of right now, lack of time has stalled any more investigations. If you have skills in BT Comms and Android Dev PM me and I can introduce you to the group. fyi the group is closed as this is commercial software, not everyone is keen to be seen publicly working on it.

-Tim

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/c3e4291e-9964-4aa3-9782-8284f582a2e5%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Sandra Keßler]

With many thanks to LoriLori's BT Key and the github repo I have started writing a own small App for controlling the combo and got to some point (pairing and remote display operation):

https://twitter.com/fishermen21/status/865655631780368385

As soon as this is somewhat stable I will release the full source!

[Timothy Omer]

This is just amazing! Two years ago when I started this thread it seemed almost impossible, where to start!?

This pump will be great for the community, I'm humbled and overwhelmed by the effort and personal time everyone has spent on this.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/4af10f2e-03b4-478b-9fcb-cc5296b3f33c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Bog Dan]

Woooow! I've been waiting and watching this discussion group for a long time...and finally, thanks to you, the good news arrived!

THANK YOU!

The Accu-Check Combo is very popular in Europe...

To unsubscribe from this group and stop receiving emails from it, send an email to openaps-dev+unsubscribe@googlegroups.com.

To post to this group, send email to opena...@googlegroups.com.
Visit this group at https://groups.google.com/group/openaps-dev.

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/4af10f2e-03b4-478b-9fcb-cc5296b3f33c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Bogdan Gorescu

[Sandra Keßler]

I have released the sources for the remote control app on Github at https://github.com/monkey-r/ruffy

its ongoing work and I made it fully public (Facebook, Twitter, Gitter channels)

Current status is parsing of the remote screens to get the informations needed to remote control the pump via OpenAPS/androidAPS

To view this discussion on the web visit https://groups.google.com/d/msgid/openaps-dev/CAOWJ__EKzPVpJv-Oji%2B8eCR8nUx2YzNSZFCfTSwq7e%3DnvHFDyQ%40mail.gmail.com.

[Timothy Crane]

Hi Craig. Thanks for the pics. They were the only ones I could find anywhere after looking for quite awhile. I have a pump that had a bad piston motor and a brand new "temp pump" from Roche that supposedly only works for 180 days....... So I'm thinking about trying to replace the bad motor with the one from the "Roche loner pump"...... Very curious about how you disassembled the pump and did you damage it in any way while doing so........ Any advice before I start would be greatly appreciated. Thinking about a heat gun and a razor knife????